» plusvid-codedownloader.exe
Overview
Analysis
File Details
Network (3)

plusvid-codedownloader.exe

PlusVid

Phoenix Media

The application plusvid-codedownloader.exe has been detected as adware by 23 anti-malware scanners. Built using the Crossrider web brower toolkit the CodeDownloader component will automatically connnect to the remote API server and download additional code/components for Phoenix Media extension/toolbar. The component makes a number of requests to the host app-static.crossrider.com/plugins/.../monetization/monetizationLoader.js. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.

File name:

Publisher:

Phoenix Media

Product:

PlusVid

Description:

PlusVid exe

Version:

1000.1000.1000.1000

MD5:

0fdeaa6fb5c139436d21c79d0bdead1f

SHA-1:

4986085d8339b8b20c5aad88c53f6c473f1d53e3

Scanner detections:

23 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:

4/26/2024 7:41:00 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.950360

925

AhnLab V3 Security

PUP/Win32.PlusHD

2014.07.01

Avira AntiVirus

Adware/CrossRider.A.6379

7.11.157.204

avast!

Win32:Adware-gen [Adw]

2014.9-140725

AVG

Generic_r

2015.0.3403

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.14725

Bitdefender

Adware.Generic.950360

1.0.20.1030

Comodo Security

ApplicUnwnt

18719

Emsisoft Anti-Malware

Adware.Generic.950360

8.14.07.25.10

ESET NOD32

Win32/Toolbar.CrossRider.AJ (variant)

8.10023

Fortinet FortiGate

Riskware/Toolbar_CrossRider

7/25/2014

F-Secure

Adware.Generic.950360

11.2014-25-07_6

G Data

Adware.Generic.950360

14.7.24

K7 AntiVirus

Trojan

13.180.12574

Malwarebytes

PUP.Optional.PlusVid.A

v2014.07.25.10

McAfee

RDN/Generic PUP.x!chn

5600.7059

MicroWorld eScan

Adware.Generic.950360

15.0.0.618

Qihoo 360 Security

Win32/Virus.Adware.51a

1.0.0.1015

Reason Heuristics

PUP.Crossrider.PhoenixMedia.W

14.8.1.0

Sophos

AppRider

4.98

Trend Micro House Call

TROJ_GEN.R0CBC0OFP14

7.2.206

Trend Micro

TROJ_GEN.R0CBC0OFP14

10.465.25

VIPRE Antivirus

Crossrider

30820

File size:

496 KB (507,904 bytes)

Product version:

1000.1000.1000.1000

Original file name:

PlusVid.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\plusvid\plusvid-codedownloader.exe

File PE Metadata

OS bitness:

Win64

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to update.srvstatsdata.com (69.16.175.42:80)

http://update.srvstatsdata.com/installer_updates/001743/update.json

TCP (HTTP):

Connects to stats.srvstatsdata.com (176.32.99.41:80)

TCP (HTTP):

Connects to app-static.crossrider.com (69.16.175.10:80)

Remove plusvid-codedownloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.